Effective Date: August 7th, 2020
Visit or use our website: www.citruslabs.com (“Website Visitor”) or individuals who request us to contact them via our online web forms;
Register to use the products and services which we market for purchase or subscription on www.citruslabs.com, including but not limited: Patient Recruitment Services, Citrus Platform and other Software Products (“Services”); or Current Customers using the Services pursuant to a written agreement with Citruslabs;
Attend or register to attend sponsored events or other events at which Citruslabs participates (“Attendees”).
For the purpose of this Policy, the term “Website” shall refer to www.citruslabs.com.
Our website may contain links to other websites. The information practices and the content of such other websites are governed by the privacy statements of such other websites. We encourage you to review the privacy statements of any such other websites to understand their information practices.
With the exception of Account Information (as defined below) and other information we collect in connection with your registration or authentication into our Services, this Policy does not apply to our security and privacy practices in connection with your access to and use of the products and services which we market for patient recruitment, software solutions such as the Citrus Platform, and other subscription services on our website (our “Services”). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. These security and privacy practices, including how we protect, collect, and use electronic data, text, messages, communications or other materials submitted to and stored within the Services by You (“Service Data”), are detailed in and governed by our Master Services Agreement or Customer Agreement, or such other applicable agreement between you and Citruslabs relating to your access to and your use of such Services (collectively referred to as the “Service Agreement”).
Users and customers of our Services are solely responsible for establishing policies for, and ensuring compliance with, all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations, relating to the collection of personal information in connection with the use of our Services by individuals (also referred to as “data subjects”) with whom our Users and Customers interact. If you are an individual who interacts with a Users or Customer using our Services, then you will be directed to contact our User or Customer for assistance with any requests or questions relating to your personal information.
The use of information collected through our Services shall be limited to the purpose of providing the service for which Customers have engaged Citruslabs. If you are an individual who interacts with a Customer using our Services (such as patients being screened or participating in a clinical trial) and would either like to amend your contact information or no longer wish to be contacted by one of our Customers that use our Services, please contact the Customer that you interact with directly.
5. Types of data we collect
We collect the following data, which may include personal data when you use the Citruslabs Website.
Information that you provide to us
Account and Registration Information:
We ask for and may collect personal information about you such as your name, address, phone number, email address, and credit card information, as well as certain related information like your company name and website name, when you register for an account to access or utilize one or more of our Services (an “Account”). We also ask for and collect personal information such as an email address and a name or alias from any individual that you authorize to log into and utilize our Services in connection with Your Account (as defined in the Service Agreement). We base the processing of your personal information on our legitimate interest to provide you with the necessary functionality required during your use of our Service(s);
If you decide that your preferred way of payment is via credit card, a third-party intermediary is used to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
We refer to any information described above as “Account Information” for the purposes of this Policy. By voluntarily providing us with Account Information, you represent that you are the owner of such personal information or otherwise have the requisite consent to provide it to us.
We ask for and may collect personal information from you when you submit web forms on our website or as you use interactive features of the website, including: participation in surveys, contests, promotions, sweepstakes, requesting customer support, or otherwise communicating with us. We process your personal information to perform our contract with you for the use of our website and the Service(s) and to fulfill our obligations under the Services Agreement to you; where we have not entered into the Services Agreement with you, we base the processing of your personal information on our legitimate interest to operate and administer our website and to provide you with the content you access and request.
We ask for and may collect personal information such as your name, address, phone number, and email address when you register for or attend a sponsored event or other events at which Citruslabs participates, in order to facilitate your registration or attendance at an event, including sending related communications to you.
To use some or all of our Services, you may need to upload information about your patients’. We don’t control the data that you upload to our Systems. We will store your User Content and make it available to you through our Platform and Services.
Information that we collect from you on our website
Cookies and Other Tracking Technologies:
We may use web beacons, tags and scripts on our website or in email or other electronic communications we send to you. These assist us in delivering cookies, counting visits to our website, understanding usage and campaign effectiveness and determining whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our third-party service providers on an individual and aggregated basis.
As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our website and Services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to information gathered in our log files as necessary to improve our website and services. In such a case, we would treat the combined information in accordance with this Policy.
Information collected from other sources
Social Media Widgets:
Our website includes social media features, such as the “Facebook Like” button, and widgets, such as the “Share This” button or interactive mini-programs that run on our website. These features may collect your Internet protocol address, which page you are visiting on the website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the website. Your interactions with these features are governed by the privacy statement of the companies that provide them.
6. How we use information that we collect
We may use the information we collect about you (including personal information, to the extent applicable) in order to perform our obligations under our Services Agreement with you and on the basis of our legitimate interest including to (a) provide, operate, maintain, improve, and promote the website and the Services; (b) enable you to access and use our website and the Services; (c) process and complete transactions, and send you related information, including purchase confirmations and invoices; (d) send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages; (e) send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners (you can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications); (f) process and deliver contest or sweepstakes entries and rewards; (g) monitor and analyze trends, usage, and activities in connection with our website and Services and for marketing or advertising purposes; (h) investigate and prevent fraudulent transactions, unauthorized access to the website and the Services, and other illegal activities; (i) personalize the website and Services, including by providing features or advertisements that match your interests and preferences; and (j) for other purposes for which we obtain your consent.
Legal basis for processing (EU-visitors only):
If you are a visitor from the European Union (“EU”), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you (e.g. to provide you with our Services), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time why we need to use your personal information. If we process personal information in reliance on your consent, you may withdraw your consent at any time.
If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” section below.
7. Sharing of information collected
Third parties designated by you:
When you use Citruslabs, we share information, including personal information, with third parties that you authorize to receive such information. As a result, we may provide your personal information to such third party companies. Because we do not control these third-party privacy practices of these third-party companies, you should read and understand their privacy policies and ensure that you have obtained all necessary consents to disclose the personal information of your clients in the manner described herein.
Third-party service providers:
We share information, including personal information, with our third-party service providers that we use to provide hosting for and maintenance of our website, application development, backup, storage, payment processing, analytics and other services for us. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us. However, because we do not control these third-party privacy practices of these third-party companies, you should read and understand their privacy policies and ensure that you have obtained all necessary consents to disclose the personal information of your clients in the manner described herein.
Compliance with laws and law enforcement requests; Protection of our rights:
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Agreement, or as otherwise required by law.
From time to time, we may post testimonials on our website that may contain personal information. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us here.
If you choose to use our referral service to tell a friend about our products and services, we will ask you for your friend’s name and email address. You must only provide your friend’s name and email address if you have a reasonable belief they will not object to us contacting them. If you do, We will automatically send your friend an email inviting him or her to visit our website and will store this information for the purpose of sending this initial email, tracking the success of our referral program and other marketing activities. Your referral may contact us here to request that we remove his/her information from our database.
The website may offer publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features (“Interactive Areas”). You should be aware that any information that you post in an Interactive Area might be read, collected, and used by others who access it. To request removal of your personal information from an Interactive Area, contact us here. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
8. Protected Health Information
10. Other important privacy information
Notice to End-Users
Our Services are intended for use by enterprises. Where our Services are made available to you through a Customer of ours, that enterprise is the data controller of your personal information. Your data privacy questions and requests should initially be submitted to the Citruslabs Customer in its capacity as your data controller. Citruslabs is not responsible for our Customer’s privacy or security practices which may be different from this Policy.
Citruslabs’ Customers are able to:
restrict, suspend or terminate your access to the Services;
access and describe your personal information that you provided to them;
access and export your personal information processed by them; and
amend your personal information, including your end-user profile.
Where Citruslabs is the data controller of personal information (for example, personal information relating to Website Visitors, Attendees and individuals who register to use our Services), then we retain the personal information we collect where we have an ongoing legitimate business need to do so (for example, to provide you with our Services, to enable your participation in an event, and to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or aggregate it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
If your personal information is processed within a Customer’s Service Data, we will process the personal information for as long as we are instructed to do so by the relevant Customer that is the data controller of the Customer Service Data.
11. How to exercise your data protection rights
You have certain choices available to you when it comes to your personal information. Below is a summary of those choices, how to exercise them, and any limitations.
Correcting, updating, and removing your information:
An individual who seeks to exercise their data protection rights in respect of personal information stored or processed by us on behalf of a Customer of ours within the Customer’s Service Data (including to seek access to, or to correct, amend, delete, port or restrict processing of such personal information) should direct his/her query to our Customer (the data controller). Upon receipt of a request from one of our Customers for us to remove the personal information, we will respond to their request within thirty (30) days. We will retain personal information that we process and store on behalf of our Customers for as long as needed to provide the Services to our Customers.
Accessing and updating or deleting your information:
Our Services and related documentation give End-Users the ability to access, update, and delete certain personal information from within the Service. For example, you can access your End-User profile and make updates to your personal information. In cases where we act as the data controller of your personal information, we will provide you with information about whether we hold any of your personal information upon request. We will respond to such requests within a reasonable timeframe. Please note, however, that we may need to retain certain information for record-keeping purposes, to complete transactions or to comply with our legal obligations.
Deactivating your user profile:
If you no longer wish to use our Services, Citruslabs’ Customer may be able to deactivate your End-User account. First, please contact Citruslabs’ Customer Service with your request. If you are a Citruslabs Customer and are unable to deactivate an End-User account through your administrator settings, please contact us here. Please be aware that deactivating your account does not delete your information; your information remains visible to other Service users based on your past participation within the Services.
Request that we stop using your information:
You may request that your personal information no longer be accessed, stored, used and otherwise processed where you believe that a Citruslabs Customer or Citruslabs do not have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this Policy. Where you gave us consent to use your personal information for a limited purpose, you can contact us to withdraw that consent. You can also opt-out of our use of your personal information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. Please note that an End-User of a Citruslabs Customer should first contact Citruslabs’ Customer with a request to stop access, storage, use of personal information. If there is delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your personal information until the request is honored or the dispute is resolved, provided the Citruslabs Customer does not object (where applicable).
Opt-out of communications:
We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails or by replying “unsubscribe”. You may opt-out of receiving promotional communications from us by using this unsubscribe link within each email. Even after you opt-out from receiving promotional messages from us, if you are an End-User, then you will continue to receive transactional messages from us regarding our Services.
Other data protection rights:
If you wish to exercise any other data protection rights that are available to you under your local data protection laws (such as the right to data portability or to data restriction) then please contact us here and we will respond to your request in accordance with applicable data protection laws.
You have the right to complain to your local data protection authority if you are unhappy with our data protection practices. Contact details for data protection authorities in the European Economic Area are available here.
12. Children’s Personal Information
We do not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our website or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the website or Services without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through the Website or Services, please contact us here, and we will use commercially reasonable efforts to delete that information.
13. Business Transactions
We may assign or transfer this Policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge. If we do, we will inform them of the requirement to handle your personal information in accordance with this Policy.
The California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how we handle personal information of California residents and gives California residents certain rights with respect to their personal information.
When we act as a service provider (for example, by providing our services to another company that you interact with), we follow the instructions of the business that engaged us with respect to how we process your personal information. If you would like more information about how your personal information is processed by other companies, including companies that engage us as a service provider, please contact those companies directly.
Information We May Collect:
We may collect the following categories of information:
Internet or other electronic network activity information
Audio, electronic, visual, or similar information
Professional or employment-related information
For each category of information, we collect the information from a variety of sources, including directly from you, from your devices, from your social media profiles, and/or from third-party providers. We collect the information to provide you with services, protect our customers and ourselves (including the services), and to improve the services. We do not share personal information with third-parties as the term is defined under the CCPA.
We do not sell personal information of any individual, including personal information of minors under 16 years of age.
We have disclosed the following categories of personal information for a business purpose in the 12 months prior to this Policy’s last update.
Internet or other electronic network activity information
Audio, electronic, visual, or similar information
Professional or employment-related information
Inferences drawn from any of the above information.
We have not disclosed any personal information for valuable consideration in the 12 months prior to this Policy’s last update.
You may have certain rights with respect to your personal information, including:
The right to access, including the right to know the categories and specific pieces of personal information we collect;
The right to deletion of your personal information, subject to certain limitations under applicable law;
The right to request disclosure of information collected;
The right to disclosure of information disclosed for valuable consideration; and
The right not to be discriminated against for exercising certain rights under California law.
To exercise these rights, please submit a request here. Please be as specific as possible in relation to the personal information you wish to access. Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. If we need additional information to verify your identity, we will let you know. We will respond to your request within 45 days of receipt, or notify you if we require additional time.
15. Contact us
If you have questions or complaints regarding this Policy or about Citruslabs privacy practices, please contact us here.